ietf-mxcomp

Re: Reality check please

2004-06-15 00:38:12

On 6/14/2004 11:04 PM, Douglas Otis sent forth electrons to convey:

On Mon, 2004-06-14 at 21:45, Matthew Elvey wrote:

Sorry, where can I get a domain for $0.10 US? (And I don't mean foo.cjb.net or foo.cjb.co.uk)
If these are coming or here, as you and Gordon seem to be saying they are, then MARID won't work as well as I had thought it would. You think an icann-authorized TLD will start selling domains at this price? Please explain in more detail.

To slip past a filter, new domains are simply the price of doing
business for those that abuse the system.  Unlike an IP address, a
history can be expected of a domain name that is not possible with just
an IP address.  New domain, offer little credit.  Tried and true, offer
full credit.  Tried and bad, no credit.  Using a domain name with a
reasonably good authentication practice is tremendously safer than
relying solely upon the address whether or not an accreditation service
helps administrate the lists.
True, but I would like to know if domains will be available for << $5. It'll impact reputation service / RHSRxL scalability, but MARID will still work. IF the price approaches $0, all domains will need accreditation, and RHSBLs become unscalable, as they will take up more space than regular IP BLs. We must assume spammers can warehouse domains and allow them to age, unused, until not new.

An EHLO identifier is the way one MTA tells another MTA about himself
and his identity. It is an important fact to know if this identity is
faked. However this could probably also be partially accomplished by
requiring the EHLO to match at least one PTR record and have the
forward lookup of this record match the connecting IP (aka EHLO must
match paranoid lookup).
Some of the syntax and semantics of SPF records provide useful additional functionality without weakening the effectiveness with which an MTA is authorized by a domain. The benefit is that it allows every
legit MTA to pass MARID inspection, even the 1-10% of legit MTAs that don't
have control over rDNS, and hence don't pass the rDNS test.  And yet it
ties that MTA to a domain that has a valuable reputation.  That being
the goal of MARID.

The use of an SRV record has the advantage of returning all the needed
information in a single query where both authorization is discovered and
the authentication is validated.
Yup, and CSV's CSA doesn't rely on rDNS. Pretty nifty. (Though all of hotmail's SRV records would take up much more cache space than their SPF record, even in XML format.) I still need to mull over what SPF allows that CSA doesn't, and whether (IMO) CSA can or should be extended. Also, piggybacking on the deployed SPF records and creation tools is tempting. (It seems to have hooked Microsoft.)
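
The EHLO check quoted in the message above (the EHLO name must match a PTR record for the connecting IP, and the forward lookup of that name must return the same IP), as an added example that is not part of the original message. The DNS data is constructed, the resolver is a stand-in for live lookups, and the function names and result labels are hypothetical.

```python
import ipaddress

# Constructed DNS data (documentation address ranges), standing in for live lookups.
PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.20": ["mail.example.com."],  # reverse zone owner claims a name it does not hold
    "192.0.2.30": [],                     # sender with no control over its rDNS
}
FWD = {
    "mail.example.com": ["192.0.2.10", "2001:db8::10"],
}

def _norm(name):
    """DNS names compare case-insensitively, ignoring the trailing root dot."""
    return name.rstrip(".").lower()

def ehlo_check(client_ip, ehlo, ptr_lookup, fwd_lookup):
    """Classify an EHLO name against the 'paranoid lookup' of the connecting IP."""
    ip = ipaddress.ip_address(client_ip)
    ptr_names = [_norm(n) for n in ptr_lookup(client_ip)]
    if not ptr_names:
        return "no-ptr"            # the case the thread says affects some legit MTAs
    name = _norm(ehlo)
    if name not in ptr_names:
        return "ehlo-mismatch"     # EHLO does not match any PTR record
    # Forward-confirm: the name must resolve back to the connecting IP,
    # otherwise whoever controls the reverse zone could claim any name.
    for addr in fwd_lookup(name):
        if ipaddress.ip_address(addr) == ip:
            return "pass"
    return "forward-mismatch"

def check(client_ip, ehlo):
    """Run ehlo_check against the constructed tables above."""
    return ehlo_check(client_ip, ehlo,
                      lambda ip: PTR.get(ip, []),
                      lambda name: FWD.get(name, []))

if __name__ == "__main__":
    samples = [("192.0.2.10", "MAIL.example.com"),
               ("192.0.2.20", "mail.example.com"),
               ("192.0.2.10", "other.example.net"),
               ("192.0.2.30", "mail.example.org")]
    for ip, ehlo in samples:
        print(ip, ehlo, check(ip, ehlo))
```

The `no-ptr` result is kept distinct from the two mismatch results so that a receiver can treat a missing reverse record differently from a contradicted one.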

